daemon-set.yaml

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: traefik-daemon-set
  namespace: kube-system
  labels:
    app: traefik-daemon-set

spec:
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v2.4
        name: traefik
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: admin
          containerPort: 8080
          hostPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 3              
        args:
        # Enable the dashboard without requiring a password. Not recommended
        # for production.
        - --api.insecure
        - --api.dashboard=true
        - --ping=true

        # Specify that we want to use Traefik as an Ingress Controller.
        - --providers.kubernetesingress

        # Define two entrypoint ports, and setup a redirect from HTTP to HTTPS.
        #- --entrypoints.traefik.address=:8080
        - --entryPoints.web.address=:80
        - --entryPoints.websecure.address=:443
        #- --entrypoints.web.http.redirections.entryPoint.to=websecure
        #- --entrypoints.web.http.redirections.entryPoint.scheme=https

        # Enable debug logging. Useful to work out why something might not be
        # working. Fetch logs of the pod.
        # Let's Encrypt Configurtion.
        - --certificatesresolvers.default.acme.email=<Seu E-mail>
        - --certificatesresolvers.default.acme.storage=acme.json
        - --certificatesresolvers.default.acme.tlschallenge

        # Use the staging ACME server. Uncomment this while testing to prevent
        # hitting rate limits in production.
        # Habilitar a linha abaixo somente quando for gerar certificado para produção.
        #- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
        #- --certificatesresolvers.default.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
        - --accesslog=true
        - --log=true
        - --metrics=true
        - --log.level=INFO
        - --metrics.prometheus=true
        #- --metrics.prometheus.entryPoint="web-secure"